Ejemplo n.º 1
0
    def _validate_sign(self, dp_file, rootcerthash=None, sign_id=None):
        """Validate the given debugpolicy elf file.
        """
        # Initialize SecImageCore
        isc = SecImageCore(debug=self.debug)
        isc.config_path = self.secimage_config
        if self.authority is not None:
            isc.authority = self.authority

        # Get the supported sign_id list
        sign_id_list = isc._img_config_parser.sign_id_list

        # Validating signed images & signed image(in case of one image) for sign_ids available in sign_id list
        if sign_id is None:
            if len(dp_file) > 1:
                for sign in range(len(dp_file)):
                    logger.info(
                        '\nValidating debugpolicy signed file against ' +
                        sign_id_list[sign] + ' signature..')
                    isc.set_image_path(dp_file[sign], sign_id_list[sign])
                    isc.output_dir = os.path.dirname(dp_file[sign])
                    isc.image_info_list[0].dest_image.image_dir_ext = ''

                    # Process the signed elf
                    isc.process(val_sign=True, root_cert_hash=rootcerthash)

                    if os.path.isfile(
                            c_path.join(self.output_dir, 'SecImage_log.txt')):
                        shutil.move(
                            c_path.join(self.output_dir, 'SecImage_log.txt'),
                            c_path.join(self.output_dir,
                                        ('val_' + sign_id_list[sign] +
                                         '_secimage_log.txt')))
            else:
                for sign in range(len(sign_id_list)):
                    logger.info(
                        '\nValidating debugpolicy signed file against ' +
                        sign_id_list[sign] + ' signature..')
                    isc.set_image_path(dp_file[0], sign_id_list[sign])
                    isc.output_dir = os.path.dirname(dp_file[0])
                    isc.image_info_list[0].dest_image.image_dir_ext = ''

                    # Process the signed elf
                    isc.process(val_sign=True, root_cert_hash=rootcerthash)

                    if os.path.isfile(
                            c_path.join(self.output_dir, 'SecImage_log.txt')):
                        shutil.move(
                            c_path.join(self.output_dir, 'SecImage_log.txt'),
                            c_path.join(self.output_dir,
                                        ('val_' + sign_id_list[sign] +
                                         '_secimage_log.txt')))

        # Validating signed image for given sign_id
        else:
            if sign_id not in sign_id_list:
                raise RuntimeError('Received sign_id "' + sign_id +
                                   '" as input.' + '\n'
                                   "       Supported sign_id's are: " +
                                   str(sign_id_list))

            logger.info('\nValidating debugpolicy signed file against ' +
                        sign_id + ' signature..')
            isc.set_image_path(dp_file[0], sign_id)
            isc.output_dir = os.path.dirname(dp_file[0])
            isc.image_info_list[0].dest_image.image_dir_ext = ''

            # Process the signed elf
            isc.process(val_sign=True, root_cert_hash=rootcerthash)

            if os.path.isfile(c_path.join(self.output_dir,
                                          'SecImage_log.txt')):
                shutil.move(
                    c_path.join(self.output_dir, 'SecImage_log.txt'),
                    c_path.join(self.output_dir,
                                ('val_' + sign_id + '_secimage_log.txt')))
Ejemplo n.º 2
0
def main(args, return_isc=False):
    """Parses the command line arguments, performs any basic operations based on
    the parsed arguments and starts processing using the isc module.
    """
    # Log to file
    flids = logger.log_to_file(SECIMAGE_TOOL_NAME, args.output_dir)

    try:
        # Print the tool's launch command
        logged_args = CoreOptionParser.mask_private_args(
            sys.argv, args._c_spec_override_prefix)
        logger.info('\n\n    SecImage launched as: "' + ' '.join(logged_args) +
                    '"\n')

        # Initialize SecImageCore
        isc = SecImageCore(debug=args.debug)

        # Configure image signer
        if args.image_file or (
                args.meta_build
                and not SecImageCore.meta_supports_sign_id(args.meta_build)):
            if args.chipset:
                isc.set_chipset(args.chipset, args._c_overrides,
                                args._c_spec_overrides)
            elif args.config_path:
                isc.set_config_path(args.config_path, args._c_overrides,
                                    args._c_spec_overrides)

        # Set the input
        if args.image_file:
            isc.set_image_path(args.image_file, args.sign_id)
        elif args.meta_build:
            isc.set_meta_build_path(
                args.meta_build,
                [] if args.sign_id is None else [args.sign_id])

        # Set the output
        if args.mini_build:
            isc.mini_build_path = args.mini_build
        elif args.output_dir:
            isc.output_dir = args.output_dir

        if args.qc_signing:
            isc.authority = AUTHORITY_QC

        # Process the images
        isc.process(verify_setup=args.verify_inputs,
                    integrity_check=args.integrity_check,
                    sign=args.sign,
                    encrypt=args.encrypt,
                    decrypt=args.decrypt,
                    val_image=args.validate,
                    val_integrity_check=args.validate,
                    val_sign=args.validate,
                    val_encrypt=args.validate,
                    root_cert_hash=args.rch)

        # Print the summary
        print_summary(args, isc.image_info_list)

        if return_isc:
            return isc
        else:
            return isc.image_info_list

    finally:
        # Clear all log handlers
        logger.removeFileLogger(flids)
Ejemplo n.º 3
0
    def sign(self, dp_file, sign_id=None):
        """Sign the given debugpolicy elf file.
        """

        try:
            self.input_file_list.pop()
        except:
            pass

        # Initialize SecImageCore
        isc = SecImageCore(debug=self.debug)
        isc.config_path = self.secimage_config
        if self.authority is not None:
            isc.authority = self.authority

        # Get the supported sign_id list
        sign_id_list = isc._img_config_parser.sign_id_list

        # Generating signed images for sign_ids available in sign_id list
        if sign_id is None:
            for sign in range(len(sign_id_list)):
                isc.set_image_path(dp_file, sign_id_list[sign])
                isc.output_dir = os.path.dirname(dp_file)
                isc.image_info_list[0].dest_image.image_dir_ext = ''

                # Process the debug policy
                isc.process(sign=True)

                # Check if the signing is done or not
                if not isc.image_info_list[
                        0].status.sign.state == isc.image_info_list[
                            0].status.sign.SUCCESS:
                    raise RuntimeError(
                        'Failed to sign the debugpolicy elf file: ' +
                        isc.image_info_list[0].image_under_operation)
                logger.info('Signed debugpolicy elf file at: ' +
                            isc.image_info_list[0].image_under_operation)
                self.input_file_list.append(
                    isc.image_info_list[0].image_under_operation)

                if os.path.isfile(
                        c_path.join(self.output_dir, 'SecImage_log.txt')):
                    shutil.move(
                        c_path.join(self.output_dir, 'SecImage_log.txt'),
                        c_path.join(
                            self.output_dir,
                            (sign_id_list[sign] + '_secimage_log.txt')))

        # Generating signed image for given sign_id
        else:
            if sign_id not in sign_id_list:
                raise RuntimeError('Received sign_id "' + sign_id +
                                   '" as input.' + '\n'
                                   "       Supported sign_id's are: " +
                                   str(sign_id_list))

            isc.set_image_path(dp_file, sign_id)
            isc.output_dir = os.path.dirname(dp_file)
            isc.image_info_list[0].dest_image.image_dir_ext = ''

            # Process the debug policy
            isc.process(sign=True)

            # Check if the signing is done or not
            if not isc.image_info_list[
                    0].status.sign.state == isc.image_info_list[
                        0].status.sign.SUCCESS:
                raise RuntimeError(
                    'Failed to sign the debugpolicy elf file: ' +
                    isc.image_info_list[0].image_under_operation)
            logger.info('Signed debugpolicy elf file at: ' +
                        isc.image_info_list[0].image_under_operation)
            self.input_file_list.append(
                isc.image_info_list[0].image_under_operation)

            if os.path.isfile(c_path.join(self.output_dir,
                                          'SecImage_log.txt')):
                shutil.move(
                    c_path.join(self.output_dir, 'SecImage_log.txt'),
                    c_path.join(self.output_dir,
                                (sign_id + '_secimage_log.txt')))